[ticking] >> for more than a decade, the u.s. military establishment has treated cyberspace as a domain of conflict, where it would need the capability to fend off attack or launch its own. that time is here, because someone sabotaged a top secret nuclear installation in iran with nothing more than a long string of computer code. >> we have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction. [ticking] >> viktor bout, in my eyes, is one of the most dangerous men on the face of the earth.

>> on the face of the earth? >> without a doubt. >> which is why the u.s. government launched an elaborate international sting to nab viktor bout. what makes bout so dangerous? and how did d.e.a. agents eventually grab him? the answers in our story later. [ticking] this is what espionage looks like. the man driving the car is gregg bergersen. he's a civilian analyst at the pentagon with one of the nation's highest security clearances. his companion is tai shen kuo, a spy for the people's republic of china. bergersen knew a secret that the chinese desperately wanted to know, and neither man knows that what they're about to do is being recorded by two cameras the fbi has concealed in their car. >> let you have the money. >> oh, oh. are you sure that that's okay? >> yeah, it's fine. >> welcome to 60 minutes on cnbc. i'm bob simon.

in this edition, we turn our attention to some foreign intrigue. first, a story about a mysterious computer virus that struck an iranian nuclear plant. later, the report of how american agents hunted a notorious arms dealer. and finally, an account of a chinese-american spy trying to steal u.s. military secrets for china. we begin with the story of stuxnet, a computer virus considered to be the world's first destructive cyberweapon. it was launched several years ago against an iranian nuclear facility, almost certainly with some u.s. involvement. but as steve kroft reported in march of 2012, the implications and possible consequences of this new kind of warfare are now being studied intensely. >> i do believe that the cyber threat will equal or surpass the threat from counter terrorism in

the foreseeable future. >> there's a strong likelihood that the next pearl harbor that we confront could very well be a cyber attack. >> we will suffer a catastrophic cyber attack. the clock is ticking. >> and there's reason for concern. for more than a decade, the u.s. military establishment has treated cyberspace as a domain of conflict, where it would need the capability to fend off attack or launch its own. that time is here, because someone sabotaged a top secret nuclear installation in iran with nothing more than a long string of computer code. >> we have entered into a new phase of conflict in which we use a cyberweapon to create physical destruction and, in this case, physical destruction in someone else's critical infrastructure. >> few people know more about the dark military art of cyberwar than retired general michael hayden. he's a former head of the national security agency and was cia director under george w. bush.

he knows a lot more about the attack on iran than he can say here. >> this was a good idea, all right? but i also admit this was a really big idea too. the rest of the world is looking at this and saying, "clearly, someone has legitimated this kind of activity as acceptable international conduct." the whole world is watching. >> the story of what we know about the stuxnet virus begins in june of 2010, when it was first detected and isolated by a tiny company in belarus after one of its clients in iran complained about a software glitch. within a month, a copy of the computer bug was being analyzed within a tight-knit community of computer security experts, and it immediately grabbed the attention of liam o murchu, an operations manager for symantec, one of the largest antivirus companies in the world. >> as soon as we saw it, we knew it was something completely different, and red flags started to go up

straightaway. >> to begin with, stuxnet was incredibly complicated and sophisticated, beyond the cutting edge. it had been out in the wild for a year without drawing anyone's attention and seemed to spread by way of usb thumb drives, not over the internet. o murchu's job was to try and unlock its secrets and assess the threat for symantec's clients by figuring out what the malicious software was engineered to do and who was behind it. how long was the stuxnet code? >> you're talking tens of thousands of lines of code, a very, very long project, very well written, very professionally written, and very difficult to analyze. >> unlike the millions of worms and viruses that turn up on the internet every year, this one was not trying to steal passwords, identities, or money. stuxnet appeared to be crawling around the world, computer by computer, looking for some sort of industrial operation that was using a specific piece of equipment, a siemens s7-300 programmable logic controller.

>> this gray box here is essentially what runs factory floors. and you program this box to control your equipment. and you say, "turn on the conveyor belt. turn on the heater. turn on the cooler. shut the plant down." it's all contained in that box. and that's what stuxnet was looking for. it wanted to get its malicious code onto that box. >> the programmable logic controller, or plc, is one of the most critical pieces of technology you've never heard of. they contain circuitry and software essential for modern life and control the machines that run traffic lights, assembly lines, oil and gas pipelines, not to mention water treatment facilities, electric companies, and nuclear power plants. >> and that was very worrying to us 'cause we thought it could've been a water treatment facility here in the u.s., or it could've been trying to take down electricity plants here in the u.s. >> the first breakthrough came when o murchu and his five-man team discovered that stuxnet was

programmed to collect information every time it infected a computer and to send it on to two websites in denmark and malaysia. both had been registered with a stolen credit card, and the operators were nowhere to be found. but o murchu was able to monitor the communications. >> well, the first thing we did was, we looked at where the infections were occurring in the world, and we mapped them out. and that's what we see here. we saw that 70% of the infections occurred in iran. that's very unusual for malware that we see. we don't normally see high infections in iran. >> please learn from stuxnet... >> two months later, ralph langner, a german expert on industrial control systems, added another piece of important information: stuxnet didn't attack every computer it infected. >> this whole virus is designed only to hit one specific target in the world. >> how could you tell that? >> it goes through a sequence of checks to actually determine if this is the right target. it's kind of a fingerprinting process, a process of probing if

this is the target i'm looking for, and if not, it just leaves the controller alone. >> stuxnet wasn't just looking for a siemens controller that ran a factory floor. it was looking for a specific factory floor, with a specific type and configuration of equipment, including iranian components that weren't used anywhere else in the world and variable speed motors that might be used to regulate spinning centrifuges, a fragile piece of equipment essential to the enrichment of uranium. and langner speculated publicly that stuxnet was out to sabotage iran's nuclear program. >> well, we knew at this time that the highest number of infections had been reported in iran, and second, it was pretty clear, just by looking at the sophistication, that there would be at least one nation-state behind this. you know, you just add one and one together. >> by the fall of 2010, the

consensus was that iran's top secret uranium enrichment plant at natanz was the target and that stuxnet was a carefully constructed weapon designed to be carried into the plant on a corrupted laptop or thumb drive, then infect the system, disguise its presence, move through the network, changing computer code, and subtly alter the speed of the centrifuges without the iranians ever noticing. sabotage by software. >> stuxnet's entire purpose is to control centrifuges, to make centrifuges speed up past what they're meant to spin at and to damage them. certainly it would damage the uranium enrichment facility, and they would need to be replaced. >> if the centrifuges were spinning too fast, wouldn't the operators at the plant know that? >> stuxnet was able to prevent the operators from seeing that on their screen. the operators would look at the screen to see what's happening with the centrifuges, and they wouldn't see that anything bad was happening. [ticking]

>> coming up, the danger of cyber warfare. >> you don't need many billions. you just need a couple of millions. and this would buy you a decent cyber attack, for example, against the u.s. power grid. >> that's next when 60 minutes on cnbc continues. customer erin swenson bought from us online today.

so, i'm happy. sales go up... i'm happy. it went out today... i'm happy. what if she's not home? (together) she won't be happy. use ups! she can get a text alert, reroute... even reschedule her package. it's ups my choice. are you happy? i'm happy. i'm happy. i'm happy. i'm happy. i'm happy. happy. happy. happy. happy. (together) happy. i love logistics. monarch of marketing analysis. with the ability to improve roi through seo

all by cob. and you...rent from national. because only national lets you choose any car in the aisle... and go. you can even take a full-size or above, and still pay the mid-size price. i'm going b-i-g. [ male announcer ] good choice business pro. good choice. go national. go like a pro.

>> it now seems likely that by the time liam o murchu and ralph langner finally unraveled the

mystery in november of 2010, stuxnet had already accomplished at least part of its mission. months before the virus was first detected, inspectors from the international atomic energy agency had begun to notice that iran was having serious problems with its centrifuges at natanz. >> what we know is that an iaea report said that 1,000 to 2,000 centrifuges were removed from natanz for unknown reasons. and we know that stuxnet targets 1,000 centrifuges. so from that, people are drawn to the conclusion, "well, stuxnet got in and succeeded." that's the only evidence that we have. >> the only information that's not classified. >> yes. >> and there are lots of things about stuxnet that are still top secret. who was behind it? >> what we do know is that this was a very large operation. you're really looking at a government agency from some country who is politically motivated and who has the insider information from a

uranium enrichment facility that would facilitate building a threat like this. >> an intelligence agency, probably. >> probably. >> we know from reverse engineering the attack codes that the attackers have full-- and i mean this literally-- full tactical knowledge of every damn detail of this plant. so you could say, in a way, they know the plant better than the iranian operator. >> we wanted to know what retired general michael hayden had to say about all this, since he was the cia director at the time stuxnet would have been developed. you left the cia in 2009? >> 2009, right. >> does it surprise you that this happened? >> you need to separate my experience at cia with your question, all right? >> right. you can't talk about the cia. >> no, and i don't even want to suggest what may have been on the horizon or not on the horizon, or anything like that. >> right. if you look at the countries that have the capability of designing something like stuxnet and you take a look at the countries that would have a motive for trying to destroy natanz--

>> where do those two sets intersect? >> you're pretty much left with the united states and israel. >> well, yes, but there is no good with someone of my background even speculating on that question, so i won't. >> iran's president, mahmoud ahmadinejad, shown here at natanz in 2008, blamed the cyber attack on enemies of the state and downplayed the damage. both the u.s. and israel maintain that it set back the iranian program by several years. what's impossible to know is how much damage the attackers might have inflicted if the virus had gone undetected and not been exposed by computer security companies trying to protect their customers. >> they planned to stay in that plant for many years and to do the whole attack in a completely covert manner, that anytime a centrifuge would break, the operators would think, "this is, again, a technical problem that we have experienced," for example,

"because of poor quality of these centrifuges that we are using." >> we had a good idea that this was a blown operation, something that was never meant to be seen. it was never meant to come to the public's attention. >> you say blown, meaning? >> if you're running an operation like this to sabotage a uranium enrichment facility, you don't want the code uncovered. you want it kept secret, and you want it just to keep working, stay undercover, do its damage and disappear, and hopefully nobody would ever see it. >> do you think this was a blown operation? >> no, not at all. i think it's an incredibly sophisticated operation. >> but general hayden did acknowledge that there are all sorts of potential problems and possible consequences that come with this new form of warfare. >> when you use a physical weapon, it destroys itself, in addition to the target, if it's used properly. a cyberweapon doesn't. so there are those out there who can take a look at this, study it, and maybe even attempt to turn it to their own purposes.

>> such as launching a cyber attack against critical infrastructure here in the united states. until the fall of 2011, sean mcgurk was in charge of protecting it, as head of cyber defense at the department of homeland security. he believes that stuxnet has given countries like russia and china, not to mention terrorist groups and gangs of cybercriminals for hire, a textbook on how to attack key u.s. installations. >> you can download the actual source code of stuxnet now and you can repurpose it and repackage it and then, you know, point it back towards wherever it came from. >> sounds a little bit like pandora's box. >> yes. >> whoever launched this attack-- >> they opened up the box. they demonstrated the capability. they showed the ability and the desire to do so, and it's not something that can be put back. >> if somebody in the government had come to you and said, "look, we're thinking about doing this. what do you think?" what would you have told them? >> i would have strongly cautioned them against it

because of the unintended consequences of releasing such a code. >> meaning that other people could use it against you? >> yes. >> or use their own version of the code. >> something similar. son of stuxnet, if you will. >> as a result, what was once abstract theory has now become a distinct possibility. if you can do this to an uranium enrichment plant, why couldn't you do it to a nuclear power reactor in the united states or an electric company? >> you could do that to those facilities. it's not easy. it's a difficult task, and that's why stuxnet was so sophisticated, but it could be done. >> you don't need many billions. you just need a couple of millions. and this would buy you a decent cyber attack, for example, against the u.s. power grid. >> if you were a terrorist group or a failed nation-state and you had a couple of million dollars, where would you go to find the people that knew how to do this? >> on the internet. >> they're out there? >> sure. >> most of the nation's critical

infrastructure is privately owned and extremely vulnerable to a highly sophisticated cyberweapon like stuxnet. >> i can't think of another area in homeland security where the threat is greater and we've done less. >> after several failures, congress is once again trying to pass the nation's first cybersecurity law. and once again, there is fierce debate over whether the federal government should be allowed to require the owners of critical infrastructure to improve the security of their computer networks. whatever the outcome, no one can say the nation hasn't been warned. >> since the story first aired, new information about stuxnet has been revealed. according to the new york times, stuxnet was part of a secret u.s.-israeli operation hatched during the bush administration and accelerated under president obama. according to the report, the operation was code-named

"olympic games." [ticking] coming up: american agents track the world's most notorious arms dealer. >> he's arming not only designated terrorist groups, insurgent groups, but he's also arming very powerful drug trafficking cartels around the globe. >> the "merchant of death," when 60 minutes on cnbc returns. [ticking]

♪ [ male announcer ] introducing a stunning work of technology. introducing the entirely new lexus es. and the first-ever es hybrid.

this is the pursuit of perfection. wanted to provide better employee benefits while balancing the company's bottom line, their very first word was... [ to the tune of "lullaby and good night" ] ♪ af-lac ♪ aflac [ male announcer ] find out more at... [ duck ] aflac! [ male announcer ] ...forbusiness.com. [ yawning sound ] -oh, that's just my buds. -bacon. -my taste buds. -[ taste buds ] donuts. how about we try this new kind of fiber one cereal? you think you're going to slip some fiber by us? okay. ♪ fiber one is gonna make you smile. ♪ [ male announcer ] introducing new fiber one nutty clusters and almonds. [ticking] >> viktor bout was an illusive international arms dealer known to law enforcement officials as the "merchant of death."

according to the d.e.a., he sold weapons to insurgent groups, terrorists, and warring factions around the world. bout was thought to be uncatchable, but as cbs news correspondent armen keteyian reported in 2010, that didn't stop the d.e.a. from trying. >> viktor bout, in my eyes, is one of the most dangerous men on the face of the earth. >> on the face of the earth? >> without a doubt. >> mike braun, the former chief of operations for the u.s. drug enforcement administration, told us bout first exploded on the scene in war-torn west africa in the late 1980s, elevating bloody conflicts from machetes and single shot rifles to... >> ak-47s, not by the thousands, but by the tens of thousands. >> so he weaponizes civil war in africa. >> he transformed these young adolescent warriors into insidious, mindless, maniacally

driven killing machines that operated with assembly line efficiencies. >> bout, from the soviet republic of tajikistan, is a mystery man who reportedly served in the soviet air force and intelligence service. the u.s. has indicted him on four terror-related charges, including conspiracy to kill americans. what makes him a threat to the united states? he is a shadow facilitator. he's arming not only designated terrorist groups, insurgent groups, but he's also arming very powerful drug trafficking cartels around the globe. >> taking advantage of russian military contacts at the highest levels and the collapse of the soviet union, federal prosecutors allege bout essentially became a one-stop shop, offering an unlimited supply of stockpiled cold war weapons to bad guys around the world, including charles taylor of liberia, who was later convicted of war crimes. according to the u.s. indictment, bout had a unique

selling point when it came to weapons trafficking: a fleet of cargo airplanes capable of transporting weapons and military equipment anytime, anywhere. more than 60 planes in all, his own private air force. >> those russian aircraft were built like flying dump trucks. he could move this stuff and drop it with pinpoint accuracy to any desert, to any jungle, to any other remote place in the world, right into the hands of what i refer to as the potpourri of global scum. >> by the late 1990s, bout was a legend in the shadowy world of illicit arms dealing, so illusive that the only two pictures that surfaced of him back then were taken without bout's knowledge by a belgian photographer. later, bout became the inspiration behind the nicolas cage character in the movie lord of war. >> i was an equal opportunity merchant of death. i supplied every army but the salvation army. >> u.s. treasury documents

reveal a bout empire so sophisticated, so complex-- hidden behind a thick curtain of front companies-- that even the u.s. government unwittingly contracted with two of his companies to deliver supplies to u.s. troops in iraq. >> juan zarate, deputy national security advisor in the second bush white house and a cbs news consultant, told us hiring bout was a mistake. >> this was one of the grave complications for the united states. viktor bout's tentacles reached so far and so deep that he had access to planes that could provide services for the u.s. government. >> zarate admitted the u.s. could do business with bout, but it couldn't catch him. >> i had always thought of viktor bout as untouchable. and i also, frankly, didn't think that anyone could get to him. >> a challenge zarate from the white house threw out at a meeting with mike braun and his d.e.a. team. the d.e.a. had just pulled off a string of extraordinarily successful captures of

high-value terrorism targets around the world, like afghan drug lords. >> d.e.a. agents live for the hunt. >> but, mike, no one had even gotten a sniff on this guy. >> let me tell you something, armen, when i'm sitting there next to juan and my guys are sitting across the table from him--the very best that our government's got to offer--and he tosses this out on the table, and i look at him in the eyes and they're looking back at me, like, "we'll do this. we can do this." >> but it was about a 5% chance in the back of my mind. and so, you know, i wished them well, and i went back to the white house. >> mike braun's thinking 95%, okay. 5 and 95 make 100. he was going down. he was in our crosshairs. [ticking] >> coming up: the sting hits a possible snag. >> the thought did cross my mind that something really bad is gonna happen to him right here. >> that story when 60 minutes on cnbc returns.

[ticking] up. a short word that's a tall order. up your game. up the ante. and if you stumble, you get back up. up isn't easy, and we ought to know. we're in the business of up. everyday delta flies a quarter of million people while investing billions improving everything from booking to baggage claim. we're raising the bar on flying and tomorrow we will up it yet again.

how did i get here? dumb luck? or good decisions? ones i've made. ones we've all made. about marriage. children. money. about tomorrow. here's to good decisions. who matters most to you says the most about you. massmutual is owned by our policyholders so they matter most to us. massmutual. we'll help you get there.

sleep train's inventory clearance sale is ending soon. save 10%, 20%, even 35% on a huge selection of simmons and sealy clearance mattresses. get 2 years interest-free financing on tempur-pedic. even get free delivery! sleep train stacks the savings high to keep the prices low. but hurry, the inventory clearance sale is ending soon. superior service, best selection, lowest price, guaranteed. ♪ sleep train ♪ your ticket to a better night's sleep ♪

[ticking] >> the d.e.a. supervisor in charge of the hunt for arms dealer viktor bout was louis milione. >> we felt that we could create a scenario that would pull him in. >> the plan was to pull bout out of moscow with a huge arms deal he couldn't refuse. to do that, the d.e.a. hired an undercover agent to contact a trusted associate of bout's named andrew smulian. the d.e.a. operative said he had a big business deal for bout. i'm thinking in terms of fishing here. it's almost like you've thrown the line in the water. there's a little bit of bait. this is a business proposition, and you're waiting to see if

anything comes back with a nibble. >> we're really waiting to see-- yeah, exactly--what smulian says and, you know, what he says about bout. >> and as it comes back, "spoke to boris. anything possible with farming equipment?" >> that's correct. >> "boris" was code for bout, "farming equipment" for weapons. that exchange led to the island of curacao, a few hundred miles off the coast of colombia. it was here that bout's buddy, andrew smulian, would first meet the two d.e.a. undercover operatives posing as officials in the colombian rebel terrorist group known as the farc. >> the two fake rebels, eduardo and el comandante, would say they want to buy millions of dollars' worth of weapons to fight the colombian army and the u.s. military pilots protecting them. smulian has to believe that eduardo and el comandante are real. >> right, if smulian doesn't believe it, we're done, and, uh--and we go home. >> the meeting is about to take place.

what's your temperature like? >> oh, your heart rate is up a little bit, and your adrenaline's going a little bit. you have butterflies. >> emotions that only escalated when, at this hotel in curacao, the fake rebels tell smulian, bout's buddy, they want to spend $12 million on everything from sniper rifles to surface-to-air missiles. >> he bites off on it. in fact, he eats the whole thing whole. so it was very successful. >> so successful, smulian immediately flew to moscow to present the deal to boris, the man the d.e.a. believes is bout. two weeks later, in another meeting, this time in copenhagen, smulian told the d.e.a. operatives that his russian business partner really liked the deal, and then he revealed who that man in moscow really is. >> "do you know who this man is that we're getting the weapons from? this is bout. b-o-u-t. he's wanted by the world. they call him the 'merchant of death.'" >> b-o-u-t. >> yeah, he spelled it out for him. we marveled that smulian

would do that, but it was just great evidence. >> the d.e.a. was in the game, but bout was still safe and secure in russia and reluctant to leave. the d.e.a. undercovers insisted they couldn't go to moscow but had to meet bout to seal the deal. >> and bout's gonna know that that's how these deals are gonna work. comandante is not going to release these millions of dollars for these weapons to anybody until he at least shakes hands, talks, looks bout in the eye, and then we can move on. that's how we countered, and bout went for it. >> next stop, romania, just three days later. the play was to entice bout to bucharest, claiming that's where the money was stashed to pay for the weapons. bout said he'd come, but then he had trouble getting a visa. the case stalled. after ten days of waiting for bout, the top d.e.a. agent made a gutsy call to walk away. so you've been chasing this guy hard for two months. you almost got him, and you got to make the decision

to step away from the table. >> if we were real, we wouldn't stay there forever. we're gonna now step away and say, "look we need to take care of some other things, but it's time for us to leave." >> over the next two weeks, milione came up with a new plan to reel bout in. the phony rebels told bout they would be in bangkok soon. asked if he could get there, bout agreed. the morning bout arrived in bangkok, the d.e.a. and thai police had gathered downtown, waiting for word from cops at the airport that the "merchant of death" had landed. >> they call us in the room and they tell us that he's here. >> what was the moment like there? >> it was just unbelievable, because we knew--at that point, you know you're kind of, like, holding on as you climb up the mountain at different points in the investigation. this was one where at that point, i believed, and the other investigators believed, not only are we in the game, he shows up at this meeting, we've got him. he's gonna be arrested. >> bout drove to this hotel and met the two fake arms buyers in

a conference room on the 27th floor. here, the d.e.a.'s undercover team told bout they want his weapons to kill americans. >> the comandante and eduardo make it very clear. they said, "we're fighting against the united states." bout responds and says, "look, they're after me too." he said, "but we are together in this. they are my enemy also." eduardo and comandante talk about how they want sniper sights for the rifles that they have so that they could, "start blowing the heads off american pilots." bout's response immediately is, "yes." >> then the d.e.a. said bout jotted down on these pages what he intended to deliver for $12 million, including between 700 and 800 surface-to-air missiles. >> 5,000 ak-47s, antipersonnel mines, fragmentation grenades, armor piercing rockets, money laundering services, and all within the context of speaking about a shared ideology of communism and fighting against the americans. >> after two hours, one of the

d.e.a. undercovers made a call, a signal it was time to move in. within minutes, the thai police and d.e.a. agents burst into the room. >> we see bout across the far end of, like, a boardroom type table, standing up with his hands inside his briefcase, and they give him the command to put his hands up, and he hesitates. and they immediately focused in with their weapons and gave him the command again. >> are you thinking, "we've come all this way to see viktor bout shot by a thai policeman"? >> the thought did cross my mind that something really bad is gonna happen to him right here, but then he complied. >> it turned out there was no weapon in the briefcase. the disarming of viktor bout was now officially complete. >> the thais cuff him. he's taken into custody. smulian's taken into custody. >> does bout say anything? >> "the game is over," or something like that. >> "the game is over." >> right. >> but then a new game began: bout became the center of a legal tug-of-war between the

u.s. and russia, which wanted him released back to moscow. bout and the russians managed to delay his extradition to america for more than 2 1/2 years. but on november 16, 2010, after a sting that played out on three continents, the d.e.a. finally got their man. when bout rode under tight security in a convoy to jail in manhattan, riding right along with him was louis milione. this is the "lord of war," the "merchant of death." >> right. >> and you've got him in your hands. >> right, he's in custody. it's a great feeling. it's an absolutely great feeling. >> bout's trial in new york was swift: only three weeks. the jury convicted him of conspiracy to sell weapons to men he believed were colombian terrorists intent on killing americans. in april of 2012, viktor bout was sentenced to 25 years in prison. [ticking]

coming up next: what espionage looks like. >> let you take the money. >> oh, oh. are you sure that that's okay? >> yeah, yeah, fine. >> you're sure? >> stealing america's secrets, when 60 minutes on cnbc returns. [ticking] [ male announcer ] the 2013 smart comes with 8 airbags, a crash management system and the world's only tridion safety cell which can withstand over three and a half tons.

small in size. big on safety. which can withstand over three and a half tons. boproductivity up, costs down, thtime to market reduced... those are good things. upstairs, they will see fantasy. not fantasy... logistics. ups came in, analyzed our supply chain, inventory systems... ups? ups. not fantasy? who would have thought? i did. we did, bob. we did. got it.

challenge the need for such heavy measures with olay. regenerist micro-sculpting serum for firmer skin in 5 days. pretty heavy lifting for such a lightweight. [ female announcer ] olay regenerist. [ male announcer ] the exceedingly nimble, ridiculously agile, tight turning, fun to drive 2013 smart. ♪

>> this is a case of two guys who didn't set out to be spies, but it turned out that way, at

least partly, because of money: one, a chinese-american businessman, the other, a pentagon analyst. the fbi discovered the analyst was planning to pass classified information to china and installed hidden cameras in their car. and as scott pelley reported in 2010, the two spies were caught red-handed. >> there's a nice thai restaurant out there. >> oh, okay. >> this is what espionage looks like. the man driving the car is gregg bergersen. he's a civilian analyst at the pentagon with one of the nation's highest security clearances. his companion is tai shen kuo, a spy for the people's republic of china. this is kuo in an fbi surveillance photo. he was born in taiwan, but he's a naturalized american citizen who owns a number of businesses in louisiana. and this is bergersen, who worked at the pentagon's defense security cooperation agency,

which manages weapons sales to u.s. allies. bergersen knew a secret that the chinese desperately wanted to know: what kind of weapons was america planning to sell to taiwan, the rebellious chinese island that mainland china wants to reclaim. it's july 2007. they're driving outside washington, and neither man knows that what they are about to do is being recorded by two cameras the fbi has concealed in their car. >> i'll just give you-- let you have the money. >> oh, oh. are you sure that that's okay? >> yeah, yeah, fine. >> you're sure? >> we watched the tape with john slattery, the fbi agent at headquarters who oversaw the case. he retired as a deputy assistant director. what's happening there? >> information has been passed prior, and this is reward for that, or there is expectation that passage of information is forthcoming. so that's what's happening right here. >> how much money is he holding

in his hand? >> i think we're probably looking at about $2,000 thereabouts. >> tai shen kuo's money and contacts came to the fbi's attention while the bureau was investigating a different chinese espionage case. they followed him, tapped his phone, watched his email, and all of that led to bergersen. in the car, the pentagon employee and chinese spy were plotting the handover of secret documents that listed future weapons sales to taiwan and details of a taiwanese military communications system. >> i'm very, very, very, very reticent to let you have it because it's all classified, but i will let you see it, and you can take all the notes you want, which i think you can do today. but if it ever fell into the wrong hands--and i know it's not going to--but if it ever

was-- >> okay, that's fair. >> then i would be fired for sure. i'd go to jail, because i violated all the rules. >> when it comes to espionage against the united states, is china now the number one threat that we face? >> i would be hard-pressed to say whether it's the chinese or it's the russians, but they're one, two, or two, one. >> michelle van cleave was america's top counterintelligence officer. working for the director of national intelligence, she was in charge of coordinating the hunt for foreign spies from 2003 to 2006. >> the chinese are the biggest problem we have with respect to the level of effort that they're devoting against us versus the level of attention we are giving to them. >> the chinese have stolen technology used in the space shuttle and in submarine propulsion systems. in the late 1990s, a congressional commission found that china now holds the

most closely guarded secrets america had. >> we learned, and the cox commission reported, that the chinese had acquired the design information for all u.s. thermonuclear weapons currently in our inventory. >> make sure i understand. the chinese are in possession today of the designs of all of our nuclear weapons? >> yes. >> how did they get that? >> the questions of how they acquired it remain, to some extent, unknown. >> how the u.s. lost its atomic secrets may be unknown, but there are fewer mysteries in the case of tai shen kuo and gregg bergersen. the fbi says that kuo wanted to expand his louisiana businesses into china, and when he sought permission from beijing, the chinese asked for a few favors for their intelligence service.

the $2,000 was only part of kuo's development of bergersen. kuo wined and dined his spy, and bergersen seemed to have an appetite for espionage. at one dinner, kuo's tab came to $710. and the day of the ride, kuo brought a box of expensive cigars. all the while, kuo lied to bergersen, telling him that the information was being passed to taiwan, the u.s. ally. does that make any difference in the law, whether you're spying for a hostile government or a friendly one? >> of course not. classified information's not allowed to be passed without, you know, certain approvals, to any foreign government. >> but i think when you see the information, you can get out of it what you need. [ticking] >> coming up: what information does chinese intelligence want? >> for example, what president obama thinks right now. >> they want to know what

president obama thinks. >> yes. >> that and more, when 60 minutes on cnbc returns. [ticking] now, that's what i call a test drive. silverado! the most dependable, longest lasting, full-size pickups on the road. so, what do you think? [ engine revs ] i'll take it. [ male announcer ] it's chevy truck month.

now during chevy truck month, get 0% apr financing for 60 months or trade up to get the 2012 chevy silverado all-star edition with a total value of $8,000. hurry in before they're all gone! if we want to improve our schools... ...what should we invest in? maybe new buildings? what about updated equipment? they can help, but recent research shows... ...nothing transforms schools like investing in advanced teacher education. let's build a strong foundation. let's invest in our teachers so they can inspire our students. let's solve this.

for the spender who needs a little help saving. for adding "& sons." for the dreamer, planning an early escape. for the mother of the bride. for whoever you are, for whatever you're trying to achieve, pnc has technology, guidance, and over 150 years of experience to help you get there. ♪ wanted to provide better employee benefits while balancing the company's bottom line, their very first word was... [ to the tune of "lullaby and good night" ] ♪ af-lac ♪ aflac [ male announcer ] find out more at... [ duck ] aflac! [ male announcer ] ...forbusiness.com. [ yawning sound ] oh, hey alex.

just picking up some, brochures, posters copies of my acceptance speech. great! it's always good to have a backup plan, in case i get hit by a meteor. wow, your hair looks great. didn't realize they did photoshop here. hey, good call on those mugs. can't let 'em see what you're drinking. you know, i'm glad we're both running a nice, clean race. no need to get nasty. here's your "honk if you had an affair with taylor" yard sign. looks good. [ male announcer ] fedex office. now save 50% on banners. [ticking] >> the recruitment of pentagon analyst gregg bergersen by chinese intelligence has a familiar ring to fengzhi li. li recruited spies for china as an officer of the ministry of state security. the mss is their cia. give me a sense of all the different ways you would persuade someone to spy for china? >> that will be a long story. >> i've got time. >> oh, okay. >> in our interview, li switched

between english and mandarin. he worked for chinese intelligence 14 years, recruiting spies in russia. he is now seeking political asylum in the u.s. >> [speaking mandarin] >> male translator: let me say this. intelligence work is different from other kind of work. when i target 100 people, even if 99 people have refused me, if there is one i persuade... >> that's enough. >> that's enough. >> mm-hmm. yeah. >> li told us that he recruited spies through blackmail and sometimes greed, especially if someone wanted to do business in china. once, he says his agents recruited the official photographer for a european head of state that he still won't name. would you say the mss spends most of its effort on the united states? >> [speaking mandarin] >> definitely. without a doubt. >> what would some examples be of the kind of information that mss was interested in getting a hold of? >> for example, what president

obama thinks right now. >> they want to know what president obama thinks. >> yes. >> if you make me part of the owner... >> thanks to gregg bergersen, the chinese were about to find out just what sort of weapons america intended to sell to taiwan. the day of that car ride, bergersen drove kuo and the secret documents to a restaurant outside washington, d.c. inside the restaurant, kuo copied the secrets by hand. out in the parking lot, bergersen waited with a glass of wine, one of those cigars, and the fbi in tow. as they left, bergersen just couldn't stop talking. >> but i will be very careful to keep my tracks clean and no fingerprints. just like these documents-- no fingerprints. i can't afford to lose my job. >> later, kuo left the u.s. for beijing. but while he waited for his

flight, federal agents got into his bags, photocopied his handwritten notes, and put them back. kuo's notes matched the secret document on the right. but john slattery, who oversaw the case for the fbi, told us the bureau didn't make arrests until six months later. but, i mean, this is drop-dead evidence. an espionage is occurring. why didn't you arrest them sooner than that? >> well, these investigations are tremendously complex and tremendously difficult to begin with. >> the department of defense wants you to stop it right away. >> please, sooner than later, but the fbi says, "well, listen, we want to make sure we can sustain a conviction here. and are there other players in this?" >> it turns out there were other players. kuo had another source inside the pentagon, and kuo was connected to spies on the west coast who were giving up u.s. space and naval technology. presumably, the u.s. is doing the same kind of spying in

china, but michelle van cleave says america has so much more to lose. >> i think we're a real candy store for the chinese and for others in terms of technology and commercial products or other proprietary information, and so we will always be the principal target for them. >> what is the most serious damage that chinese espionage has done to the united states? >> it's the totality of the collection effort. take a case like this or cases like this-- traditional espionage, penetration of the interior-- couple that with industrial and economic collection. couple that with cyber. it greatly concerns me. it greatly concerns me. >> well, i hope this all works out. i mean, you are helping me a lot here, but i don't want anyone to know about our relationship or anything because it could get me in a lot of trouble. >> bergersen kept saying,

"i could go to jail," and both men did. in 2008, prosecutors showed them this tape, and they plead guilty. bergersen got almost five years for communicating national defense information. kuo, a naturalized american citizen, is in a u.s. prison doing 15 years for espionage. for every case that is broken, like the bergersen case, for example, how many others are there that we have no idea about? >> oh, isn't that the important question? you never know what you don't know. but, certainly, we have seen such an extensive range of activities by the chinese that it should make you very uncomfortable. >> since this story aired, tai shen kuo's sentence was reduced to five years because he cooperated with the prosecution, and the judge felt the damage to national security had been limited. he's scheduled to be released in june of 2012.